Pollard’s P-1 Factorization Algorithm, Revisited

September 16, 2011

We’ll solve this exercise twice, the first version with the improved second stage and adding the periodic calculation of the gcd at the second version. Beware that this gets messy, even though the concept is fairly simple. Here’s the first version:

This is long but not hard. The calculations of ps, as and ds are done inside the closure but outside the function, so they are computed only once, at the time the function is defined, and reused at each call to the function; a consequence of this organization is that it is difficult to change B1 and B2. Vector dv holds the modular exponentiations of the differences.

The second version is messier, adding a counter j to keep track of when to compute the gcd and variables ps-saved, as-saved, ds-saved and q-saved to hold the breakpoints for backtracking; there’s also more code because now, for each stage, there are two different steps, the primary step that calculates successive qs and the secondary step that calculates both qs and also the gcd.

We used bounds B1 = 160000 and B2 = 3200000, which requires space to store about a quarter of a million primes and takes less than a second to run through the entire list and fail to split a fifty-digit composite. Generally speaking, bounds up to B1 = 2000000 and B2 = 100000000 are realistic; after that the elliptic curve method is faster. Also, it is usually best to use trial division or Pollard’s rho method to extract small factors before calling the p−1 method, since they will be quicker.